import java.sql.*;
import java.util.Scanner;

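public class T2 {

    /**
     * Console login demo: reads a user name and password from stdin and checks
     * them against the {@code user} table with a parameterised query.
     *
     * <p>The input is bound through {@link PreparedStatement#setString}, never
     * concatenated into the SQL text, so it is always treated as data and cannot
     * change the structure of the query. Note that the query compares the stored
     * {@code pwd} column directly with the typed value, i.e. it assumes the column
     * holds the password as entered; a real system should store and compare a
     * salted hash instead.
     *
     * <p>All JDBC resources, including the prepared statement, are released in
     * {@code finally} via {@code DbUtil.close}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection connection = null;
        PreparedStatement ps = null;
        ResultSet resultSet = null;
        try {
            connection = DbUtil.getConnection();

            // Deliberately not closed: closing a Scanner over System.in closes stdin.
            Scanner scanner = new Scanner(System.in);
            System.out.println("请输入用户名");
            String u = scanner.nextLine();
            System.out.println("请输入密码");
            String s = scanner.nextLine();

            // Prepared statement: '?' placeholders stand in for the values, which the
            // driver sends separately from the SQL text. Building this query by string
            // concatenation of u and s would be an SQL-injection hole.
            String sql = "select * from user where name=? and pwd=? ";
            ps = connection.prepareStatement(sql);
            ps.setString(1, u);
            ps.setString(2, s);

            resultSet = ps.executeQuery();

            // A matching row means the credentials were accepted.
            if (resultSet.next()) {
                System.out.println("登录成功！！");
            } else {
                System.out.println("登录失败，用户名或者密码错误！！");
            }

        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // PreparedStatement is a Statement, so the prepared statement itself is
            // closed here together with the result set and the connection.
            DbUtil.close(resultSet, ps, connection);
        }
    }
}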
